WEBVTT

00:00.000 --> 00:14.440
This is Hacker Public Radio episode 4,081 from Monday the 25th of March 2024.

00:14.440 --> 00:19.480
Today's show is entitled The Oh No News.

00:19.480 --> 00:22.720
It is part of the series Privacy and Security.

00:22.720 --> 00:28.480
It is the 60th show of Some Guy On The Internet, and is about 12 minutes long.

00:28.480 --> 00:31.120
It carries a clean flag.

00:31.120 --> 00:41.040
The summary is, Scoti gives us some moral panic ridden pearl clutching nonsense.

00:41.040 --> 00:45.280
Hello and welcome to another episode of Hacker Public Radio, I'm your host, Some Guy On

00:45.280 --> 00:46.280
The Internet.

00:46.280 --> 00:49.480
This is The Oh No News, let's get started.

00:49.480 --> 00:54.840
QNAP warns of critical auth bypass flaw in its NAS devices.

00:54.840 --> 00:59.240
All right, ladies and gentlemen, this article is coming from BleepingComputer and the

00:59.240 --> 01:05.880
beloved QNAP, competitor to Synology, you know those little in-house Q-boxes, the beloved

01:05.880 --> 01:07.360
NAS in a box.

01:07.360 --> 01:08.800
Yeah, you know the ones.

01:08.800 --> 01:13.360
Well, they've got a little bit of a vulnerability here, it's actually three vulnerabilities.

01:13.360 --> 01:22.320
One of them, which is labeled CVE, 2024, 2189, is marked as low complexity and it can

01:22.320 --> 01:24.720
be executed remotely.

01:24.720 --> 01:30.120
So three vulnerabilities in total, one can be executed remotely, the other two just sort

01:30.120 --> 01:31.840
of play off of the first.

01:31.840 --> 01:34.160
I'm not going to go into too much detail with it.

01:34.160 --> 01:40.080
All you need to know is if you have a QNAP device, and they have the models, I listed in

01:40.080 --> 01:51.240
the article here, is the QTS models, the QTS 5.1, QTS 4.5 models as well as the QuTS

01:51.240 --> 01:59.480
hero and the QuTScloud models, I believe version 5 and 4.5 are the models that are

01:59.480 --> 02:01.320
affected by this vulnerability.

02:01.320 --> 02:06.360
However, there's a simple fix, they've already patched it, all you have to do is update.

02:06.360 --> 02:10.240
The article also walks you through on how to update from the UI, you know, go to the

02:10.240 --> 02:15.200
control panel, click on systems, firmware update, check for updates, your system should

02:15.200 --> 02:17.640
pull down updates and you'll be good to go.

02:17.640 --> 02:22.920
So if you or a loved one are using QNAP devices, just go ahead and perform an update.

02:22.920 --> 02:26.800
Now the article does go on to tell us a little bit more about a few ransomware groups

02:26.800 --> 02:33.160
that are currently targeting QNAP devices like DeadBolt, Checkmate, and Qlocker.

02:33.160 --> 02:37.400
But like anything that's on the internet, it is an attack surface so you're going to always

02:37.400 --> 02:39.160
want to stay up to date.

02:39.160 --> 02:42.280
Not only that, you're also going to want to back up your data.

02:42.280 --> 02:46.680
Backing up your data is a surefire solution to prevent ransomware attacks, or actually it

02:46.680 --> 02:51.240
won't prevent ransomware attacks, but it'll allow you to recover from a ransomware attack.

02:51.240 --> 02:57.160
See, that story was just a nice little warm-up, it was a refreshing cup of tea in comparison

02:57.160 --> 02:58.480
to the next story.

02:58.480 --> 03:07.200
Switzerland: Play ransomware leaked 65,000 government documents.

03:07.200 --> 03:09.160
Can you say yikes?

03:09.160 --> 03:14.600
I know Switzerland likes to take that neutral stance, where right about now they're going

03:14.600 --> 03:17.440
to have to be firing up a storm.

03:17.440 --> 03:24.560
See, I had to go ahead and do some let-goals 65,000 government documents were leaked.

03:24.560 --> 03:29.360
And it seemed like a lot of files were in Switzerland's Justice Department, so the current

03:29.360 --> 03:35.880
agencies like the Federal Department of Justice, the State Secretary of Migration, Internal

03:35.880 --> 03:41.120
IT Service Center, the Federal Department of Defense, Civil Protection, and Sport.

03:41.120 --> 03:47.600
They even said that around 5,000 of the documents were just flat out personal information.

03:47.600 --> 03:53.200
We're talking about names, email addresses, telephone numbers, and home addresses, along

03:53.200 --> 03:58.040
with the good old technical details, like their classification information.

03:58.040 --> 04:02.880
Oh, and let's forget about, let's definitely not forget about their account passwords,

04:02.880 --> 04:06.040
were also part of that.

04:06.120 --> 04:12.680
And I like the way how in the article, they sort of shrink away like, you know, lean close

04:12.680 --> 04:19.320
to the microphone and whisper, yeah, a small subset of the data that was leaked contains

04:19.320 --> 04:24.200
software and architectural data, along with more passwords.

04:24.200 --> 04:25.200
Yikes.

04:25.200 --> 04:29.880
I can't imagine having to do the presentation for that one, right?

04:29.880 --> 04:34.200
Can you imagine having to put together a PowerPoint and stand in front of a bunch of guys

04:34.200 --> 04:36.800
in the government and explain how this happened?

04:36.800 --> 04:43.000
What, what you see, what happened was those guys over there did it, yeah, it's not my

04:43.000 --> 04:48.120
department, it's the other guys that did it, if it could fire anybody fire them, I knew

04:48.120 --> 04:49.760
I should have went to work at Google.

04:49.760 --> 04:55.520
I said it'd be a little bit more clear, Xplain is a company that contracts to work with

04:55.520 --> 04:57.120
the Switzerland government.

04:57.120 --> 05:01.760
So if you want to split hairs, you can say it's not actually the government that was

05:01.760 --> 05:07.680
breached, but the company that was contracted to perform these tasks for the government.

05:07.680 --> 05:14.480
Nonetheless, the government employees and government data was still lost due to the attack.

05:14.480 --> 05:18.680
What this goes to show you, Switzerland should have hired me because I could have got

05:18.680 --> 05:24.000
them breached for a quarter of the price they paid Xplain, you understand?

05:24.000 --> 05:27.120
And we would get a lot more jokes out of it as well.

05:27.120 --> 05:29.800
And here's one of the things that I think is kind of funny.

05:29.800 --> 05:36.680
They mentioned that analyzing the leaked data, right, saying that this is legally complicated.

05:36.680 --> 05:38.120
Let's stop and think about it.

05:38.120 --> 05:48.160
It's already broadcasted on the internet for everyone to see, how much more complicated could it

05:48.160 --> 05:49.160
get.

05:49.160 --> 05:56.440
And you know, let's make sure only the appropriate containerized agency departments with only

05:56.440 --> 06:03.480
the specialized individuals in their, in their perfectly positioned cubicles have access

06:03.480 --> 06:08.040
to this documentation that we found on the great wide open.

06:08.040 --> 06:12.080
I don't see any information on how the attack was carried out.

06:12.080 --> 06:18.040
You know, we don't know if this was like a sysadmin hunt or a phishing type of attack or anything

06:18.040 --> 06:20.720
with that information, it's just not present.

06:20.720 --> 06:24.960
And I'm willing to bet it's because somebody used password 1, 2, 3.

06:24.960 --> 06:30.000
I need to be clear, the article did not say that, but I wouldn't put it past them either,

06:30.000 --> 06:31.000
right?

06:31.000 --> 06:36.200
You got one individual somewhere in this investigation that had password 1, 2, 3.

06:36.200 --> 06:42.720
Well, for the Swiss government or Xplain, you got my email, go ahead and contact me.

06:42.720 --> 06:48.120
I can only promise you one thing, that the next time you get breached, at least with me

06:48.120 --> 06:50.720
on board, you'll have a much better time.

06:50.720 --> 06:52.960
We'll throw a breached barbecue.

06:52.960 --> 06:57.840
We'll do it almost like when it was gender reveal parties, except rather than revealing

06:57.840 --> 07:01.840
the gender, we'll be revealing how we got breached, right?

07:01.840 --> 07:07.160
And the name of the person who who's at ground zero during the attack, right, whoever was

07:07.160 --> 07:10.360
targeted for the attack, put them on blast.

07:10.360 --> 07:15.400
Can you imagine how hard it would be to get hired after something like that, so we probably

07:15.400 --> 07:16.400
wouldn't do that.

07:16.400 --> 07:17.400
That would be too mean.

07:17.480 --> 07:19.920
You imagine putting, like, okay.

07:19.920 --> 07:26.200
We have determined that the person responsible for the breach was D&T.

07:26.200 --> 07:31.320
If you have any questions concerning the breach, contact D&T.

07:31.320 --> 07:34.360
Ooh, that one was a toughie.

07:34.360 --> 07:37.400
Maybe we should move to something a little bit lighter.

07:37.400 --> 07:40.840
Let's move over to Dark Reading for just a moment.

07:40.840 --> 07:46.640
Spoofed Zoom, Google and Skype meetings spread corporate remote access Trojans.

07:46.640 --> 07:52.760
Now this story brings me back to a time when Microsoft mentioned in the past that they

07:52.760 --> 07:57.800
were going to be making it possible for Android apps to run on Windows.

07:57.800 --> 07:59.200
Does anybody remember that?

07:59.200 --> 08:05.640
Now Windows, which is already just flooded with malware because they have the largest, they

08:05.640 --> 08:08.080
have the largest user population.

08:08.080 --> 08:12.960
The vast majority of the machines you buy out there today come pre-loaded with Windows.

08:12.960 --> 08:14.280
So that's understandable.

08:14.280 --> 08:19.360
I'm not faulting them for having malware, when you have a large user population, obviously

08:19.360 --> 08:21.000
you're going to have more attacks.

08:21.000 --> 08:27.240
But to think that it would be a good idea and allow Android applications knowing that Android

08:27.240 --> 08:32.280
is just, at this point, Android is malware.

08:32.280 --> 08:40.920
You know, it's so bad over in Android market and look, sorry, not sorry Android users out

08:40.920 --> 08:41.920
there.

08:41.920 --> 08:47.600
If you're using like F-Droid or something like that, okay, kudos, I got you, right?

08:47.600 --> 08:52.040
There's a Sailfish OS for those of you that can run it from understanding it didn't

08:52.040 --> 08:56.600
run well here in the US, like no carrier, whatever, I'll let you get out on network with

08:56.600 --> 08:57.600
it or whatever.

08:57.600 --> 09:01.520
I could be mistaken, but that's just what I remember from the last time I heard something

09:01.520 --> 09:02.520
about it.

09:02.520 --> 09:08.680
What were another if you just run a stock Android from whatever vendor, LG, Samsung, whatever.

09:08.680 --> 09:17.000
You gotta know you're dealing with a ton of malware, that you wrap that malware burrito.

09:17.000 --> 09:18.000
You know what I mean?

09:18.000 --> 09:24.840
You got malware flatbread called Windows, and you sprinkle in a whole bunch of malware

09:24.840 --> 09:27.600
from Google.

09:27.600 --> 09:28.600
It's terrible.

09:28.600 --> 09:31.680
I'm going to give you a little bit of a spoiler alert here.

09:31.680 --> 09:34.040
You should have just used Jitsi, all right?

09:34.040 --> 09:41.520
But anywho, the attacker is basically using fake meetings, luring people in for these

09:41.520 --> 09:42.520
RATs.

09:42.520 --> 09:46.520
And by RAT, I mean remote access Trojan, and you know what?

09:46.520 --> 09:47.520
Not even just Jitsi.

09:47.520 --> 09:49.800
I mean, has anybody heard of Nextcloud recently?

09:49.800 --> 09:51.000
I mean, you know what I mean?

09:51.000 --> 09:56.080
There's so many better ways to do this, and a lot of these meetings, I'm pretty sure

09:56.080 --> 09:58.600
could have just been an email, right?

09:58.600 --> 09:59.600
Am I right?

09:59.600 --> 10:03.080
Where you can get phished like a responsible adult.

10:03.080 --> 10:05.680
Now I love the marketing in this article.

10:05.680 --> 10:10.040
They have a nice little slogan here, click to compromise.

10:10.040 --> 10:11.040
That's a good one.

10:11.040 --> 10:18.080
If only Windows had a repository of software where you could go in the terminal and use

10:18.080 --> 10:25.400
your package manager to pull down software that has been reviewed by, you know, knowing

10:25.400 --> 10:30.640
Windows it'll probably most likely just be Microsoft employees, but, you know, if they

10:30.640 --> 10:36.560
were going to do things in an open manner, you can get more eyes on not just the software

10:36.560 --> 10:39.360
itself, but the code, but we're not going to go there.

10:39.360 --> 10:42.680
Oh, wait, I forgot Microsoft hearts Linux, that's right, I forgot about that.

10:42.680 --> 10:45.200
I mean, they did open source the calculator, right?

10:45.200 --> 10:51.640
But what we do, we do have that fantastic new calculator, just just what we always wanted.

10:51.640 --> 10:57.320
I include this article so that the next time you get invited to a terrible meeting at

10:57.320 --> 10:59.960
work, share this article with your boss.

11:00.000 --> 11:04.800
I don't know, look, I can't go to each of these meetings because it's too dangerous.

11:04.800 --> 11:05.800
It's too dangerous.

11:05.800 --> 11:07.400
I could, I could lose my credentials.

11:07.400 --> 11:13.240
I could get remote access Trojan, especially if you're forced to run Windows as well.

11:13.240 --> 11:14.240
Oh, goodness.

11:14.240 --> 11:18.760
And if you're still using Android, good heavens, shut that thing down and get to some

11:18.760 --> 11:19.760
F-Droid.

11:19.760 --> 11:24.880
Or you can do like the rest of us who, you know, those of us that wear our top hats and

11:24.880 --> 11:31.720
monocles, walk with a cane, we are in our, in our, in our tuxedos, we carry iPhones.

11:31.720 --> 11:35.600
Yeah, we have, we have the blue bubble of sophistication.

11:35.600 --> 11:40.240
Never mind that it's almost impossible for us to do anything with the device and we own

11:40.240 --> 11:43.720
nothing, not even the device itself, never mind any of that.

11:43.720 --> 11:45.400
We got the blue bubbles, okay?

11:45.400 --> 11:48.960
Alrighty, ladies and gentlemen, that's all I got time for today.

11:48.960 --> 11:52.000
I hope you guys enjoyed another episode of the Oh No News.

11:52.000 --> 11:58.000
If you have any questions about any of the pearl clutching panic ridden nonsense we've

11:58.000 --> 12:04.080
broadcast here today on Hacker Public Radio, please contact D&T.

12:04.080 --> 12:08.360
You're welcome to leave a comment, I'll show it would be much appreciated.

12:08.360 --> 12:13.400
And for those of you that are new to Hacker Public Radio, you can start by just introducing

12:13.400 --> 12:18.960
yourself, letting us know who you are and what sort of hobbies you enjoy.

12:18.960 --> 12:22.760
If you're worried about whether or not we'd be interested in it, I mean, just look at what

12:22.760 --> 12:23.760
I'm doing.

12:23.760 --> 12:26.960
Clearly, it can't be too hard if I'm able to do it, right?

12:26.960 --> 12:29.200
And don't worry about if people like it or not.

12:29.200 --> 12:36.480
I've been doing this for a little while now, and I have not had one single complaint at all

12:36.480 --> 12:37.480
never.

12:37.480 --> 12:38.920
Oh, wink, wink.

12:38.920 --> 12:43.120
So don't be shy, come on out here, give us a show, and I'll catch you guys in the next

12:43.120 --> 12:44.720
episode of Hacker Public Radio.

12:44.720 --> 12:50.120
Goodbye.

12:50.120 --> 12:54.880
You have been listening to Hacker Public Radio at HackerPublicRadio.org.

12:54.880 --> 12:59.880
Today's show was contributed by an HPR listener like yourself, if you ever thought

12:59.880 --> 13:01.680
of recording podcasts.

13:01.680 --> 13:06.680
Click on our contribute link to find out how easy it is.

13:06.680 --> 13:13.640
Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and

13:13.640 --> 13:14.640
rsync.net.

13:14.640 --> 13:21.120
Unless otherwise stated, today's show is released under a Creative Commons Attribution

13:21.120 --> 13:23.120
4.0 International License.